Yet another request for help

Everything that has to do with configuring Cisco equipment (and does not fit the other categories)

Moderator: Federico.Lagni

[Dj][DMX]
Co-administrator
Posts: 428
Joined: Wed 24 Nov 2004, 12:42 am
Location: Udine

Hi everyone!
As usual I find myself asking you for a hand with something that will be trivial for you, but I'll have to learn it sooner or later....!

So, the current configuration is the following:

Code:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 [la mia passw]
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
no ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect tcp synwait-time 20
ip inspect name fw ftp
ip inspect name fw appleqtc
ip inspect name fw netshow
ip inspect name fw realaudio
ip inspect name fw icmp
ip inspect name fw tcp
ip inspect name fw udp
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.100
ip dhcp excluded-address 192.168.0.250
!
ip dhcp pool UFFICIO
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1 
   dns-server 192.168.0.100 151.99.0.100 
   lease infinite
!
!
no ip ips deny-action ips-interface
no ip bootp server
ip domain name Cisco.com
ip name-server 151.99.0.100
ip name-server 151.99.125.2
ip ssh time-out 30
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
username xxxxxxxxxxxxxxxx
!
! 
!
!
!
interface Loopback0
 ip address 88.xx.xxx.xxx 255.255.255.255
!
interface ATM0/0
 description ***ALICE ADSL 20 Mbits***
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0/0.1 point-to-point
 description ***INTERFACCIA POINT-TO-POINT***
 ip address 88.yy.yyy.yyy 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect fw out
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 pvc 8/35 
  encapsulation aal5snap
 !
!
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip access-group 2008 out
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 full-duplex
 hold-queue 100 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0.1
!
no ip http server
no ip http secure-server
ip nat translation timeout 500
ip nat translation tcp-timeout 250
ip nat translation udp-timeout 150
ip nat translation finrst-timeout 50
ip nat translation syn-timeout 20
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 100
ip nat pool NET 88.xx.xxx.xxx 88.xx.xxx.xxx netmask 255.255.255.248
ip nat inside source list 100 pool NET overload
ip nat inside source static tcp 192.168.0.100 9999 88.xx.xxx.xxx 9999 extendable
ip nat inside source static udp 192.168.0.100 9999 88.xx.xxx.xxx 9999 extendable
!
access-list 100 remark **********ACL PER NAT**********
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark **********ACL PER TRAFFICO IN ENTRATA**********
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
access-list 101 deny   ip 224.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 permit tcp any any eq 22
access-list 101 deny   tcp any any lt 1024
access-list 101 deny   udp any any lt 1024
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any administratively-prohibited
access-list 101 deny   icmp any any
access-list 101 deny   udp any any eq netbios-dgm
access-list 101 deny   udp any any eq netbios-ns
access-list 101 deny   udp any any eq netbios-ss
access-list 101 permit ip any any
access-list 101 remark **********ACL PER TRAFFICO IN USCITA**********
access-list 2008 permit udp any eq domain any
access-list 2008 permit tcp any any established
access-list 2008 permit icmp any any
access-list 2008 deny   ip any any
no cdp run
!
!
control-plane
!
!
!
!
line con 0
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxx
 transport input telnet ssh
!
!
end
The device in question is a 2610 connected to a Telecom ADSL line with 8 static IPs, of which I use 1 for everything.
I've been asked to open one TCP port and one UDP port to allow remote support for the company's management software, which runs on the server with IP 192.168.0.100.
So I NATted two ports of my choosing to that IP, but I'm not sure I did it correctly; could you tell me? (I chose 9999 TCP and 9999 UDP.)
In my opinion the technician will actually want to use remote desktop, but for now I'll stick to what he asked for.

Thanks
I don't know whether God exists, but if he does, I hope he has a good excuse!
Piergiorgio Welby
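As an added illustration (not code from the post or from Cisco), this Python script walks the posted inbound ACL 101 the way IOS does, first match wins with an implicit deny at the end, so you can check what the router lets through to the forwarded ports before touching the live config. It assumes a placeholder WAN address (88.0.2.1, standing in for the masked 88.xx.xxx.xxx) and a constructed client address 203.0.113.10, and relies on the fact that an inbound ACL is evaluated before outside-to-inside NAT, so the destination it sees is the public IP.

```python
import ipaddress
ACL_101 = """deny ip host 0.0.0.0 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit tcp any any eq 22
deny tcp any any lt 1024
deny udp any any lt 1024
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any administratively-prohibited
deny icmp any any
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ns
deny udp any any eq netbios-ss
permit ip any any"""  # ACL 101 as posted (inbound on ATM0/0.1), remark line left out
NAMED_PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}
WAN_IP = "88.0.2.1"  # placeholder for the masked public address 88.xx.xxx.xxx

def _addr(tok):
    """'any' | 'host A' | 'A wildcard' -> (ip_network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    addr, wild = (tok[1], 0) if tok[0] == "host" else (tok[0], int(ipaddress.ip_address(tok[1])))
    mask = ipaddress.ip_address(wild ^ 0xFFFFFFFF)  # a Cisco wildcard is the inverted netmask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False), tok[2:]
def _port_ok(tok, port):
    """Trailing operator: eq/lt <port|name> for tcp/udp, a type keyword (e.g. echo) for icmp."""
    if tok and tok[0] in ("eq", "lt"):
        n = int(NAMED_PORTS.get(tok[1], tok[1]))
        return port == n if tok[0] == "eq" else port < n
    return not tok or tok[0] == port
def evaluate(acl, proto, src, dst, port=None):
    """First-match walk of an IOS extended ACL; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl.splitlines():
        action, rproto, *rest = line.split()
        snet, rest = _addr(rest)
        dnet, rest = _addr(rest)  # 'ip' entries match every protocol and carry no port operator
        if rproto in ("ip", proto) and s in snet and d in dnet and (rproto == "ip" or _port_ok(rest, port)):
            return action
    return "deny"
def check_forward(src="203.0.113.10"):  # constructed address of the remote-support technician
    return {p: evaluate(ACL_101, p.split("/")[0], src, WAN_IP, int(p.split("/")[1]))
            for p in ("tcp/9999", "udp/9999", "tcp/80", "udp/137")}
```

On this ACL the two 9999 forwards fall through to the final permit ip any any, while the three netbios-* entries can never match because deny udp any any lt 1024 precedes them.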